Emerging Threats | Intel 471 Skip to content

Emerging Threats

Hero background fallback
VanHelsing Ransomware
Emerging Threats// Apr 02, 2025

VanHelsing Ransomware

Launched in March 2025, the cross-platform VanHelsing ransomware-as-a-service quickly attracted affiliates with its profit-sharing model and intuitive control panel, infecting multiple victims within weeks and showing signs o...
Update: Medusa Ransomware
Emerging Threats// Mar 26, 2025

Update: Medusa Ransomware

Medusa ransomware, active since 2021, continues to target critical infrastructure through unpatched applications and brokered access. Affiliates use living-off-the-land techniques and double-extortion tactics, prompting a new...
Update: LockBit Ransomware
Emerging Threats// Mar 17, 2025

Update: LockBit Ransomware

LockBit 4.0 continues to evolve with enhanced evasion techniques, making it a persistent threat to organizations, and Intel 471 has updated its collection with relevant Hunt Packages to support detection efforts.
Update: Black Basta Ransomware and Threat Group
Emerging Threats// Mar 05, 2025

Update: Black Basta Ransomware and Threat Group

A significant leak of internal chat logs from within Black Basta ransomware group has provided the community with a glimpse into their operations, including further information regarding their capabilities, tools and motivati...
BadPilot Campaign
Emerging Threats// Feb 26, 2025

BadPilot Campaign

The subgroup conducting BadPilot has been observed to be exploiting known vulnerabilities, such as CVE-2024-1709 (ConnectWise ScreenConnect) and CVE-2023-48788 (Fortinet FortiClient EMS), as well as abusing remote access tool...
Android trojan TgToxic updates its capabilities
Security Operations// Feb 24, 2025

Android trojan TgToxic updates its capabilities

Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.
DeepSeek AI poses cybersecurity risks
Threat Intelligence// Feb 07, 2025

DeepSeek AI poses cybersecurity risks

China-based DeepSeek has upended notions about AI development and prompted security concerns. Here is a briefing on DeepSeek and how cybercriminals are viewing its development.
Remote Monitoring and Management (RMM) Abuse
Emerging Threats// Jan 29, 2025

Remote Monitoring and Management (RMM) Abuse

Remote Monitoring and Management tools have been legitimately used by IT professionals, managed service providers and system administrators. However, these capabilities can be abused and exploited when in a threat actor's han...
How ransomware may trend in 2025
Cybercriminals// Malicious Actors// Jan 21, 2025

How ransomware may trend in 2025

New variants and threat actor groups kept up the tempo of ransomware attacks in 2024. Here's a look at how this type of pervasive cybercrime may trend this year.
What 2025 May Hold for Cybersecurity
Emerging Threats// Jan 08, 2025

What 2025 May Hold for Cybersecurity

Here are insights into what 2025 may hold in cybersecurity based on Intel 471’s historical analyses of trends and intelligence collection.

Subscribe

Featured Resource
Intel 471 Logo 2024

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.

© 2025 Intel 471  |  Privacy Policy  |  Terms of Service  |  Legal Agreements  |  Modern Slavery and Human Trafficking Statement